CVE-2026-53294

Summary

In the Linux kernel, the following vulnerability has been resolved:

mailbox: mailbox-test: don't free the reused channel

The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < fc0089f82c3e36060c2c79156bc2018bfb16b56baffected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 5d4f3d0f64f1016cb78b400a70b67df91fac99b5affected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < c494a11da45ad7ec9b0ff216c3e3ace351193bb6affected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 3afca89fae501dbd7421e1777b5b8f033b1d98d0affected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 5c209299b0113e289e238fa5f2e8f00c59f76060affected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 82f6dcea46cf5de65c4ba7283f7c7b34de4a324daffected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 240c71a2aea36a1a4210f911a1c32ea88777e8e4affected
LinuxLinux8ea4484d0c2bb4e2152261943fa1a3522654b1c7 < 88ebadbf0deefdaccdab868b44ff70a0a257f473affected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.141 <= 6.6.*unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References